CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/06 12:0 a.m.•16 views

CVE-2026-30613

An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch 16amp- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from th...

0.0004EPSS

Vulnrichment•added 2026/04/06 12:0 a.m.•1 views

CVE-2026-30613

5.9AI score0.0004EPSS

Exploit DB•added 2026/04/06 12:0 a.m.•85 views

is-localhost-ip 2.0.0 - SSRF

Titles: is-localhost-ip 2.0.0 - SSRF Author: nu11secur1ty Date: 11/09/2025 Vendor: https://github.com/tinovyatkin/is-localhost-ip Software: https://github.com/tinovyatkin/is-localhost-ip/releases/tag/v2.0.0 Reference: https://portswigger.net/web-security/ssrf Description: SSRF PoC — Professional...

6.9CVSS5.9AI score0.0008EPSS

Exploits2

OSV•added 2026/04/05 8:5 p.m.•1 views

MAL-2026-2495 Malicious code in cloudera (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11ddf3c5a1eb28ca1531748670bd932bda38d78b04ae81c983361465a2076f57 The package cloudera was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score

Exploits0

OSSF Malicious Packages•added 2026/04/05 9:3 a.m.•4 views

Malicious code in @needl-ai/common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1b98ae2755d0fd7d61bc3dfd378dc1bad2eadf7ef0033ba66bbf1383a711e5c The package @needl-ai/common was found to contain malicious code. Source: ossf-package-analysis...

5.7AI score

The Hacker News•added 2026/04/05 5:7 a.m.•6 views

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. "Every package...

6.8AI score

Exploits0

NVD•added 2026/04/05 2:16 a.m.•4 views

CVE-2026-5532

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function createsandboxandexecute of the file scrapegraphai/nodes/generatecodenode.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

7.5CVSS0.00195EPSS

Cvelist•added 2026/04/05 1:15 a.m.•27 views

CVE-2026-5532 ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection

7.5CVSS0.00195EPSS

CVE•added 2026/04/05 1:15 a.m.•9 views

CVE-2026-5532

The CVE-2026-5532 entry concerns ScrapeGraphAI scrapegraph-ai (up to version 1.74.0). The vulnerable element is the function create_sandbox_and_execute in scrapegraphai/nodes/generate_code_node.py of the GenerateCodeNode Component, where manipulation leads to an OS command injection. The attack c...

7.5CVSS6.2AI score0.00195EPSS

Vulnrichment•added 2026/04/05 1:15 a.m.•4 views

CVE-2026-5532 ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection

7.5CVSS6.2AI score0.00195EPSS

Positive Technologies•added 2026/04/05 12:0 a.m.•2 views

PT-2026-30403

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create sandbox and execute of the file scrapegraphai/nodes/generate code node.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack m...

7.5CVSS5.6AI score0.00195EPSS

Exploits0References5

Tenable Nessus•added 2026/04/05 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-23426

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/logicvc: Fix device node reference leak in logicvcdrmconfigparse The logicvcdrmconfigparse function calls ofgetchildbyname to find the layers node but fails...

5.5CVSS6.1AI score0.00015EPSS

VulnCheck KEV•added 2026/04/05 12:0 a.m.•5 views

VulnCheck KEV: CVE-2025-59528

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided...

10CVSS6.1AI score0.85265EPSS

In wildExploits21References12

NVD•added 2026/04/04 1:16 a.m.•2 views

CVE-2026-34780

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects from the WebCodecs API across the...

8.3CVSS0.00012EPSS

NVD•added 2026/04/04 12:16 a.m.•3 views

CVE-2026-34775

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers...

9.8CVSS0.00013EPSS

CNNVD•added 2026/04/04 12:0 a.m.•3 views

Electron 安全漏洞

Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. There are security vulnerabilities in versions ...

9.8CVSS5.9AI score0.00013EPSS